I have a Java program that interacts with Mercurial repositories using the hg client executed using commons exec. Since I will have to occasionally pass user inputs to hg (such as proxy settings, source url, etc.), what libraries are available to sanitize the inputs for me? I'm currently just stripping anything after and including the first ';' character but am unsure of other methods where someone can run arbitrary commands.
Sanitize inputs to external process
269 Views Asked by dteoh At
You cannot be safe by blacklisting (that's what you are doing). Instead you have to whitelist the allowed chars (letters, numbers, space, dot, ...). Resist the temptation to blacklist; it never works. (For example, does your code survive spaces? Does it survive \0 chars?)
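
An added example (not part of the original question or answer) of the allowlist approach for the `hg` inputs the question mentions. The class name, the three patterns and the sample values are assumptions made for illustration; `hg clone` and the `http_proxy.host` config key are Mercurial's own.

```java
import java.util.List;
import java.util.regex.Pattern;

public class HgArgs {
    // Allowlists (assumed policy for this example): every character must be explicitly permitted.
    private static final Pattern SOURCE_URL =
        Pattern.compile("https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[A-Za-z0-9._~/-]*)?");
    private static final Pattern PROXY =
        Pattern.compile("[A-Za-z0-9.-]+:[0-9]{1,5}");
    private static final Pattern DEST_DIR =
        Pattern.compile("[A-Za-z0-9_][A-Za-z0-9._-]*");

    static String require(Pattern allowed, String value, String name) {
        // matches() must cover the whole string, so spaces, ';', '\0' and newlines all fail.
        if (value == null || value.length() > 2048 || !allowed.matcher(value).matches()) {
            throw new IllegalArgumentException("rejected " + name);
        }
        return value;
    }

    static List<String> cloneCommand(String source, String proxy, String dest) {
        // One list element per argument: no shell ever parses these strings.
        return List.of("hg", "clone",
            "--config", "http_proxy.host=" + require(PROXY, proxy, "proxy"),
            require(SOURCE_URL, source, "source"),
            require(DEST_DIR, dest, "dest"));
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "https://hg.example.org/repo",
            "https://hg.example.org/repo; echo injected",
            "https://hg.example.org/my repo",
            "https://hg.example.org/repo\0x",
            "--config=foo" };
        for (String s : samples) {
            try {
                System.out.println("ok   " + cloneCommand(s, "proxy.example.org:3128", "work"));
            } catch (IllegalArgumentException e) {
                System.out.println("fail " + s.replace('\0', '?'));
            }
        }
    }
}
```

Only the first sample is accepted. The returned list can be handed to `new ProcessBuilder(list)`, or added element by element with commons-exec's `CommandLine.addArgument(arg, false)`.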